<?php	
	$db = new MySQL();
	$username = (isset($_POST["txtuser"]))?$_POST["txtuser"]:"";
	$password = md5($_POST["txtpass"]);
	$email=(isset($_POST["txtemail"]))?$_POST["txtemail"]:"";
	$per=(isset($_POST["rdper"]))?$_POST["rdper"]:"";
	
	$table = "account";
	$id = $_GET['id'];
	$mod = $_GET['mod'];
	$curpg = $_POST['curpg'];
	
	
	$chk_catper = $_POST['chk_catper'];
	
	$list_catper = "";
	for($i=0; $i<count($chk_catper); $i++ )
	{
		if($i!=0) $list_catper .= ",";
		$list_catper .= $chk_catper[$i];
	}
	
	if ($_POST["form_"]=="edit")
	{
		if(isset($_GET['id']))
		{
			$query="update $table set email ='$email', per = '$per', list_catper = '$list_catper' ";
			$query.=" where id='$id'";
			$sql = $db->update($query);	
										
			$db->close();						
			echo "<script>location='?mod=".$mod."&act=edit&id=".$id."'</script>";		
		}
		else
		{
			$query="select username from $table where username='$username'";
			$sql = $db->select($query);			
			if ($db->numrows($sql) > 0)
			{		
				$db->close();	
				echo "<script language=javascript>alert('".$msg_name_exists."'); window.history.go(-1); </script>";	
			}
			else
			{
				$query="insert into $table (username, password, email, per, list_catper)";
				$query.=" values('$username', '$password', '$email', '$per', '$list_catper')";
				$id = $db->insert($query);						
															
				$db->close();	
				echo "<script>location='?mod=".$mod."&act=edit&id=".$id."'</script>";	
			}
		}
	}
	
	if ( $_POST['form_']=="delete")
	{
		$listid=$_POST["listid"];
		$strwhere="where id in ('".str_replace(",","','",$listid)."')";
		$query="delete from $table $strwhere";
		$sql = $db->delete($query);
		$db->close();				
		echo "<script>location='?mod=".$mod."&act=list&curpg=".$curpg."'</script>";
	}
				
?>
